-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2005-04-15 Mac OS X v10.3.9

Mac OS X v10.3.9 and Mac OS X Server v10.3.9 are now available and
deliver the following security enhancements:

Kernel
CVE ID: CAN-2005-0969
Impact: A kernel input validation issue can lead to a local denial
of service
Description: The Kernel contains syscall emulation functionality
that was never used in Mac OS X. Insufficient validation of an input
parameter list could result in a heap overflow and a local denial of
service through a kernel panic. The issue is addressed by removing
the syscall emulation functionality. Credit to Dino Dai Zovi for
reporting this issue.

Kernel
CVE ID: CAN-2005-0970
Impact: Permitting SUID/SGID scripts to be installed could lead to
privilege escalation.
Description: Mac OS X inherited the ability to run SUID/SGID scripts
from FreeBSD. Apple does not distribute any SUID/SGID scripts, but
the system would allow them to be installed or created. This update
removes the ability of Mac OS X to run SUID/SGID scripts. Credit to
Bruce Murphy of rattus.net and Justin Walker for reporting this
issue.
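A defender's audit for the condition CAN-2005-0970 describes, as an added example that is not part of Apple's advisory: it walks a directory tree and reports regular files that carry the SUID or SGID bit and begin with `#!`. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def find_setid_scripts(root):
    """Return sorted (path, mode, interpreter) tuples for SUID/SGID '#!' scripts under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, never a symlink target
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & SETID_BITS:
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(256)
            except OSError:
                continue  # vanished or unreadable; run the audit as root to avoid gaps
            if head.startswith(b"#!"):
                interp = head[2:].split(b"\n", 1)[0].strip().decode("ascii", "replace")
                findings.append((path, stat.filemode(st.st_mode), interp))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample tree: one SUID script, one plain script, one SUID non-script."""
    root = tempfile.mkdtemp(prefix="setid-audit-")
    samples = {
        "suid_script.sh": (b"#!/bin/sh\necho demo\n", 0o4755),
        "plain_script.sh": (b"#!/bin/sh\necho demo\n", 0o755),
        "suid_binary": (b"\xcf\xfa\xed\xfe not a script", 0o4755),
    }
    for name, (body, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)  # chmod after writing so the special bit is kept
    return root


if __name__ == "__main__":
    for path, mode, interp in find_setid_scripts(build_demo_tree()):
        print(mode, path, "->", interp)
```

Point `find_setid_scripts` at a real mount point to audit it; files the calling user cannot read are skipped, so run it with enough privilege to read every candidate.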

Kernel
CVE ID: CAN-2005-0971
CERT: VU#212190
Impact: A Kernel stack overflow in the semop() system call could
lead to a local privilege escalation.
Description: The incorrect handling of system call arguments could
be used to obtain elevated privileges. This update includes a fix to
check access to the kernel object.

Kernel
CVE ID: CAN-2005-0972
CERT: VU#185702
Impact: An integer overflow in the searchfs() system call could
allow an unprivileged local user to execute arbitrary code with
elevated privileges
Description: The searchfs() system call contains an integer overflow
vulnerability that could allow an unprivileged local user to execute
arbitrary code with elevated privileges. This update adds input
validation on the parameters passed to searchfs() to correct the
issue.

Kernel
CVE ID: CAN-2005-0973
Impact: Local system users can cause a system resource starvation
Description: A vulnerability in the handling of values passed to the
setsockopt() call could allow unprivileged local users to exhaust
available memory. Credit to Robert Stump for reporting this issue.

Kernel
CVE ID: CAN-2005-0974
CERT: VU#713614
Impact: Local system users can cause a local denial of service
Description: A vulnerability in the nfs_mount() call due to
insufficient checks on input values could allow unprivileged local
users to create a denial of service via a kernel panic.

Kernel
CVE ID: CAN-2005-0975
Impact: Local system users can cause a temporary interruption of
system operation
Description: A vulnerability in the parsing of certain executable
files could allow unprivileged local users to temporarily suspend
system operations. Credit to Neil Archibald for reporting this
issue.

Safari
CVE ID: CAN-2005-0976
Impact: Remote sites could cause HTML and JavaScript to run in the
local domain.
Description: This update closes a vulnerability that allowed remote
websites to load JavaScript to execute in the local domain. Credit
to David Remahl for reporting this issue.

Note: It is Apple's standard practice to provide security fixes via
a Security Update. On occasion, when a security fix is required to a
core system component such as the Kernel, it will be released in a
Software Update.

Mac OS X v10.3.9 and Mac OS X Server v10.3.9 may be obtained from the
Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/

For Mac OS X v10.3.9
If updating from Mac OS X v10.3.8:
The download file is named: "MacOSXUpdate10.3.9.dmg"
Its SHA-1 digest is: 94ca918ce07f7318488cb5d3a0c754bb3a8c7b07

For Mac OS X v10.3.9
If updating from Mac OS X v10.3 to v10.3.7:
The download file is named: "MacOSXUpdateCombo10.3.9.dmg"
Its SHA-1 digest is: f74f7e76e7a04ec623046934980edbba8c4798c4

For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3.8:
The download file is named: "MacOSXServerUpdate10.3.9.dmg"
Its SHA-1 digest is: 2a7ac87fa36f5883f1ccb8ef5ab83b2e840896bc

For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3 to v10.3.7:
The download file is named: "MacOSXSrvrUpdCombo10.3.9.dmg"
Its SHA-1 digest is: 17d125118ca3b278b7558488364d0aacaf826dbd
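One way to check a downloaded image against the digests listed above (an added example, not Apple's tooling; the function names are hypothetical and the digest table is copied from this advisory):

```python
import hashlib
import hmac
import os

# File names and SHA-1 digests exactly as published in this advisory.
PUBLISHED_SHA1 = {
    "MacOSXUpdate10.3.9.dmg": "94ca918ce07f7318488cb5d3a0c754bb3a8c7b07",
    "MacOSXUpdateCombo10.3.9.dmg": "f74f7e76e7a04ec623046934980edbba8c4798c4",
    "MacOSXServerUpdate10.3.9.dmg": "2a7ac87fa36f5883f1ccb8ef5ab83b2e840896bc",
    "MacOSXSrvrUpdCombo10.3.9.dmg": "17d125118ca3b278b7558488364d0aacaf826dbd",
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large disk image is never held in memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published=PUBLISHED_SHA1):
    """Return (ok, actual_digest); raise KeyError for a file the advisory does not list."""
    name = os.path.basename(path)
    if name not in published:
        # An unlisted or renamed file has no reference digest: refuse rather than guess.
        raise KeyError(f"{name!r} is not a download named in the advisory")
    actual = sha1_of_file(path)
    return hmac.compare_digest(actual, published[name].lower()), actual


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        ok, actual = verify_download(arg)
        print("OK      " if ok else "MISMATCH", actual, arg)
```

Run it with the downloaded `.dmg` paths as arguments. The comparison is only as trustworthy as the copy of the advisory the digests were read from.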

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
-----END PGP SIGNATURE-----